From 5f73e286b53ce4bb163223ee200ec2e63b1f25da Mon Sep 17 00:00:00 2001
From: Jason He
Date: Mon, 26 Nov 2018 18:09:46 -0800
Subject: [PATCH 1/2] make internal flag configurable for bastion LB.

---
 load_balancer.tf | 2 +-
 variables.tf | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/load_balancer.tf b/load_balancer.tf
index 2ad158e..e391f6d 100644
--- a/load_balancer.tf
+++ b/load_balancer.tf
@@ -5,7 +5,7 @@
 resource "aws_lb" "bastion-service" {
 name = "${md5(format("bastion-service-%s",var.vpc))}"
 load_balancer_type = "network"
- internal = false
+ internal = "${var.lb_is_internal}"
 subnets = ["${var.subnets_lb}"]
 enable_cross_zone_load_balancing = true
 tags = "${var.tags}"
diff --git a/variables.tf b/variables.tf
index a194a79..8c867bb 100755
--- a/variables.tf
+++ b/variables.tf
@@ -91,6 +91,12 @@ variable "lb_interval" {
 default = "30"
 }

+variable "lb_is_internal" {
+ type = "string"
+ description = "whether the lb will be internal"
+ default = false
+}
+
 variable "asg_max" {
 type = "string"
 description = "Max numbers of bastion-service hosts in ASG"

From 9ddfb048fc12cfdb8642cb26a3d38efe50e91ec7 Mon Sep 17 00:00:00 2001
From: Jason He
Date: Mon, 26 Nov 2018 18:24:55 -0800
Subject: [PATCH 2/2] update README with the new lb_is_internal var

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 90e375e..8043a83 100755
--- a/README.md
+++ b/README.md
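Review bot: In the load_balancer.tf hunk, `internal` now follows `var.lb_is_internal` while `subnets = ["${var.subnets_lb}"]` on the next line is unchanged, so nothing in the resource keeps the scheme and the subnet choice consistent; an internal load balancer needs private subnets and an internet-facing one needs public subnets. `internal` is also a force-new attribute on `aws_lb`, so flipping the variable on an existing deployment replaces the bastion load balancer and changes its DNS name. I would add a comment above the line, `# internal = true needs private subnets in var.subnets_lb; changing this value replaces the LB (new DNS name)`. The resource block's closing brace is outside the hunk, so anything else in it that depends on the scheme cannot be checked from here.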
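Review bot: In the variables.tf hunk, `lb_is_internal` is declared `type = "string"` but given the bare boolean `default = false`. The `"${...}"` interpolation style suggests Terraform 0.11 or earlier, where an unquoted boolean default is silently converted to a string and the documentation recommends quoting it, so `default = "false"` is the safer spelling. The description also does not say that the default keeps the bastion load balancer internet-facing, which is the exposure a module consumer most needs to see; `description = "Set to true for an internal (not internet-facing) bastion LB; the default false keeps it internet-facing"` would make that explicit. The README row added in patch 2/2 copies this description, so it should be regenerated if the text changes.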
@@ -246,6 +246,7 @@ These have been generated with [terraform-docs](https://github.com/segmentio/ter
 | lb_healthcheck_port | TCP port to conduct lb target group healthchecks. Acceptable values are 22 or 2222 | string | `2222` | no |
 | lb_healthy_threshold | Healthy threshold for lb target group | string | `2` | no |
 | lb_interval | interval for lb target group health check | string | `30` | no |
+| lb_is_internal | whether the lb will be internal | string | false | no |
 | lb_unhealthy_threshold | Unhealthy threshold for lb target group | string | `2` | no |
 | route53_zone_id | Route53 zoneId | string | `` | no |
 | security_groups_additional | additional security group IDs to attach to host instance | list | `` | no |